DETAILED ACTION 

1. This action is responsive to the communication filed on November 24, 
2003. Claims 1-22 are pending. At this time, claims 1-22 are rejected. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on March 11, 2005; 
May 9, 2005; and January 31, 2007 is acknowledged. The submission is in compliance 
with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is 
being considered by the examiner. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Slemmer (US 6,240,533 B1), and further in view of Maufer et al (US 7,143,188 
B2). 

a. Referring to claim 1: 

i. Slemmer teaches a firewall, comprising: 

(1) a first port configured for communication with a first 
device within a first network (see Figures 4 & 5 and further details on column 4, line 
52 of Slemmer); 

(2) a second port configured for communication with a 
second device within the first network (see Figures 4 & 5 and further details on 
column 4, lines 52-53 of Slemmer); 

(3) a third port configured for communication between the 
first network and a second network (see Figures 4 & 5 and further details on column 
4, lines 51-58 of Slemmer); and 

(4) at least one processor configured to: determine that a 
first portion of the incoming packets should be bridged, the first portion having a first 
source address and a first destination address within the first network (column 4, lines 
7-32 of Slemmer); 

(5) apply a first screening process to the first portion 
(column 4, lines 32-41 of Slemmer); 

(6) determine that a second portion of the incoming 
packets should be routed, the second portion having a second source address or a 
second destination address outside the first network; and apply a second screening 
process to the second portion (column 4, lines 42-67 through column 5, lines 1-10 of 
Slemmer). 

ii. Although Slemmer teaches a firewall, Slemmer is silent on 
the capability of showing the source address (if indeed is inherently in Slemmer). On 
the other hand, Maufer teaches the source and destination address (column 1, lines 
40-62; column 3, lines 60-67 of Maufer). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified the invention of Slemmer (if indeed is 
not inherently) with the teaching of Maufer to form a packet (column 3, lines 59-60 of 
Maufer). 

iv. The ordinary skilled person would have been motivated to: 

(1) have modified the invention of Slemmer (if indeed is 
not inherently) with the teaching of Maufer to enhance security for communication over 
a network, and more particularly to integration of Network Address Translation (NAT) 
with Internet Protocol Security (IPSec) (column 1, lines 8-11 of Maufer). 

b. Referring to claim 2: 

i. Slemmer further teaches: 

(1) wherein the at least one processor is configured to 
control traffic between the first device and the second device according to a spanning 
tree protocol (column 3, lines 54-67 through column 4, lines 1-3 of Slemmer). 

c. Referring to claim 3: 

i. Slemmer further teaches: 

(1) wherein the at least one processor is configured to 
control traffic between the first device and the second device according to one or more 
fields in a layer 2 header of a packet (column 3, lines 54-67 through column 4, lines 
1-3; column 4, lines 30-32 of Slemmer). 

d. Referring to claim 4: 

i. Slemmer teaches: 

(1) wherein the at least one processor is configured to 
perform an initial check on a packet, wherein the procedures of the initial check are 
selected from the group consisting of checking for broadcasting, multicasting and 
Internet protocol fragments (column 4, lines 59-67 through column 5, lines 1-11 of 
Slemmer). 

e. Referring to claim 5: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the at least one processor is configured to 
apply the first screening process according to security policies implemented at one or 
more of layers 3 through 7 (column 2, lines 45-67 of Maufer). 

f. Referring to claims 6-7: 

i. These claims have limitations that are similar to those of claim 
5, thus they are rejected with the same rationale applied against claim 5 above. 

g. Referring to claim 8: 

i. This claim has limitations that are similar to those of claim 1, 
thus it is rejected with the same rationale applied against claim 1 above. 

h. Referring to claims 9-12: 

i. These claims consist of a method of implementing a firewall in 
claim 1, thus they are rejected with the same rationale applied against claims 1, 4-5 
above. 

i. Referring to claims 13-16: 

i. These claims consist of a computer program embodied in a 
machine-readable medium, the computer program comprising instructions for controlling 
a firewall to implement claim 1, thus they are rejected with the same rationale applied 
against claims 1, 4-5 above. 

j. Referring to claim 17: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) further comprising a control plane configured to build 
a bridge table (see figures 5A-B and more details in column 3, lines 64-67; column 
5, lines 57-67 through column 6, lines 1-6 of Maufer). 

k. Referring to claim 18: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the control plane is further configured to 
inspect one or more of DHCP, ARP or OSPF packets (column 1, lines 40-48; column 
7, lines 2-12 of Maufer). 

l. Referring to claim 19: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the control plane is further configured to 
build a routing table (see figures 5A-B and more details in column 3, lines 64-67; 
column 5, lines 57-67 through column 6, lines 1-6 of Maufer). 

m. Referring to claim 20: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) further comprising a data plane configured to enforce 
screening policies (column 2, lines 45-67 of Maufer). 

n. Referring to claim 21: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the data plane is further configured to 
determine whether to bridge or route packets (column 6, lines 7-21 of Maufer). 

o. Referring to claim 22: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the data plane is further configured to rewrite 
packet headers before transmitting packets (column 2, lines 45-67). 

Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Syvanne et al (US 2003/0149766 A1) discloses the invention 
relates to processing configuration of a network node, such as for example a firewall, 
and for sharing the configuration management between several administrators (see 
abstract). 

b. Chen et al (US 7,093,283) discloses a method and apparatus for 
deploying configuration instructions to security devices in order to implement a security 
policy on a network (see abstract). 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
571-273-8300. 

Any inquiry of a general nature or relating to the status of this 
application or proceeding should be directed to the receptionist whose telephone 
number is 571-272-2100. 